Spyware Is Keeping "the Man" Down !

Great site, hope someone can help. Trying to get my pc cleaned up and hope this works. Got most of these from from fam and friends that use my pc and are pc illiterate and will click on anything that says click "OK" just to get rid of the popup.
THANKS !

(You should now be able to clear the hidden contents of the AppInit_DLLs value in the right pane without being undone by the hidden process.)

DoubleClick "Appinit_Dlls" value on right pane and erase the data on the lower box (in value field):

"C:\WINDOWS\System32\reshjd.dll", hit 'apply' and 'ok' to set.

Rename NotWindows back to Windows in the left pane, close Registrar Lite and reboot the computer. If all goes well the hidden process will not run at startup and you should now be able to find and *see* the reshjd.dll in C:\WINDOWS\System32.

Using Explorer go to your root drive: C:\ and create new folder, name it: 'Junk'. Unzip and run Winfile from here. Open it up, click File>Move...

Copy and paste this into the 'From' box: C:\WINDOWS\System32\reshjd.dll
Copy and paste this into the 'To' box: C:\Junk\reshjd.dll

Hit OK. Close Winfile and check in C:\Junk for that file - let me know what's there. If it's there, click here to download CWShredder by Merijn Bellekom and run it, hit 'fix' as opposed to 'scan only'. Reboot when done. Run HJT and post a new log for the final steps.

Thanks Daemon !! Followed the steps and when I got to the moving of "Copy and paste this into the 'From' box: C:\WINDOWS\System32\reshjd.dll
Copy and paste this into the 'To' box: C:\Junk\reshjd.dll" I don't know if I wasn't in the right part of the panel or what but it wouldn't let me move. So I went directly into the folder for System32 and found reshjd.dll clicked on it once to highlight it then did the move box and it went. Then followed all of your directions from there and here is my new log.

Click here to download Ad-Aware and install. Before scanning click on "check for updates now" to make sure you have the latest reference file. Then click the gear wheel at the top and check these options:

Click "Proceed" to save your settings, then click "Start", make sure "Activate in-depth scan" is ticked green then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?".

Reboot when done, rescan with HJT and post a new log here.

Also could you try to delete the C:\Junk folder - this may be difficult, let me know how you get on.

Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'fixed checked':

Right Click on the purple Windows folder in the left pane.
Select 'Properties'.
Press 'Permissions'.
Press 'Advanced'.
Remove Check Mark from 'Inherit permissions...'.
Press 'Copy'.
Highlight the group 'Everyone' (note: if this group does not exist then exit Reglite)
Select 'Remove'.
Press 'Apply' and 'OK' on all dialog boxes.

Ok done. Everything seems to be working as it did the first time I turned it on. You have no idea how you have helped me. Thanks again and if there's anything I can ever do to help out this forum please let me know.
Thanks, Archy !!!

0 user(s) are reading this topic

About What the Tech

Tom (Coyote) Wilson started this site as TomCoyote.org in 2002. Along with SpywareInfo, it was one of the first places to offer online malware removal training in its Classroom. Cluster headaches forced retirement of Tom in 2007, and the site was renamed "What the Tech". Free malware removal help and training has remained a constant.